LogoLogo
LogoLogo
  • Data Compliance Dojo
  • Tools
    • Free compliance assessment
  • Need-to-know guides
    • What is the EU AI Act: The Ultimate Guide
    • Why You Should Budget for a vDPO or Data Advisor in 2025
    • How to Build a B2B Sales Data Strategy
  • Data Compliance Dictionary
    • Most Searched Terms
    • Privacy by Design
    • Data Protection Officer (DPO)
    • Aggregated PII
    • Consent (legal basis)
    • Data Breach
    • Data Collection
    • Data Controller
    • Data Processing
    • Data Processor
    • Data Protection Impact Assessment (DPIA)
    • Data Subject
    • General Data Protection Regulation (GDPR)
    • Personal Identifiable Information (PII)
  • AI DPO
    • AI DPO: Lovable
    • AI DPO: ElevenLabs
    • AI DPO: PostHog
    • AI DPO: Flo
    • AI DPO: Whoop
Powered by GitBook

Links

  • Got back to Assenteo.com

© 2025 Assenteo Ltd

On this page
  • I) How We Review Companies
  • 1. Assenteo’s Take
  • 2. AI DPO Assessment
  • 3. Highlights
  • 4. Where Trust Can Grow
  1. AI DPO

AI DPO: ElevenLabs

Hi, this is AI DPO, providing data protection reviews of AI startups to showcase best practices. In these reviews, we assess basic compliance and transparency signals from public sources.

PreviousAI DPO: LovableNextAI DPO: PostHog

Last updated 28 days ago

has been a main player in the text to speech space since launching in 2022. The company recently raised $180m at Series C, having raised nearly $300m to date. With that amount of funding, it’s no surprise the company has an enterprise arm and has worked with the likes of Nvidia, Perplexity and Time. Here’s a privacy-first look at ElevenLabs to celebrate what’s working and suggest easy wins to build even more trust.

I) How We Review Companies

Through AI DPO, we’re here to help AI companies build data protection practices that are both compliant and customer-friendly.

When we review a company, we follow three simple principles:

  1. We stick to what’s public: Our reviews focus only on public-facing privacy practices, not private strategies, product features, or confidential details (those deeper insights are reserved for Assenteo users).

  2. We’re here to raise the bar, not rank companies: Our goal isn’t to criticize. It’s to lift the overall standard of data protection across the AI space and help everyone build stronger, more trusted products.

  3. We’re a snapshot in time: Our reviews reflect what we see on the date we publish. Companies change and grow, and so will their privacy practices.

We believe good data protection is good business and we’re excited to be part of helping AI companies get it right.

1. Assenteo’s Take

As a speech to text solution, data protection becomes part of the technology’s design because of needs of two types of users:

  • End user: The end user of a product utilizing ElevenLabs may share personal data and may need clarity around how this data is processed. They may also want to know why their data is processed or sent to other companies.

  • Enterprise: As ElevenLabs work with enterprises, more stringent data protection practices need to be in place. This is especially the case when sensitive data, such as health data is collected and processed by the product.

ElevenLabs is mature in data protection and shows practices that other US AI companies could model on. They are meeting most expectations for a data-compliant business in managing their own operations, and are providing pages on data safety in AI. However, there is an opportunity to improve transparency to users concerning how their data is used for LLM training and sale, and how to opt out.

2. AI DPO Assessment

Category

Assessment

Notes

Privacy Policy and other Documentation

âś…

Data Collection

âś…

The Privacy Policy clearly lists the data categories collected: Personal data provided (including audio input), personal data automatically collected (trackers and cookies), and third-party information about the user.

Data Processing

âś…

Data sharing with third-party service providers is disclosed. Specifics about which companies and storage locations are also provided. The purposes of data processing are also shared, including a caveat that data used for training is not used to profile or target consumers.

User Controls

âś…

Users are informed of their GDPR and CCPA rights. An email address is provided for rights requests and ElevenLabs has a Data Protection Officer for users to get in touch with.

AI-Specific Disclosures

âś…

Model training use is disclosed in the Privacy Policy. ElevenLabs uses third party personal data, and data collected in several of their products to train, develop and improve their own AI models. By becoming a user you allow access to your personal data to train the company's AI models by default. However, you may opt out at any time through your account.

Cookie Handling and Data Sale

⚠️

Website and app users are tracked. There is a cookie notice that also displays all cookie and tracker information, where users can reject all or accept cookies. Cookies are not dropped until accepted. ElevenLabs has also sold data in the past 12 months to advertisers. They clearly state which data (IP address; unique identifier), however the link to opt out is missing.

ElevenLabs currently stands at Level 2 🤙: Privacy engineered.

3. Highlights

  • Personal data transparency: ElevenLabs demonstrates transparency in their collection and processing of customer personal data. Their Privacy Policy and Docs indicate privacy goes beyond compliance, and is a customer need.

  • Control over personal data in LLM training: Making model training a feature of your product can be okay if communicated transparently. However, ElevenLabs does allow opt out even on free plans.

4. Where Trust Can Grow

  • Clarify data used for model training: There’s an opportunity to strengthen user trust by clearly highlighting in-app that personal data is used for model training, and give that choice to the user. Especially as ElevenLabs sells this data, this could be a major trust lever.

We won’t comment on AI guardrails in this review, but ElevenLabs has a specific page on on their website.

ElevenLabs hosts a for the personal data collection of their users. Last updated February 2025. It’s worth saying the policy applies to individual users and when ElevenLabs directly provides their service. A different policy governs enterprise cooperation. ElevenLabs also provides information on data protection and HIPAA compliance in their .

Customer-centered privacy information: ElevenLabs’ showcases how to use their product in a compliant way when collecting health data of US persons. This page is a great example of how to help your customers stay compliant, in the use of your product.

Improve discovery of privacy pages: ElevenLabs hosts a with Drata, and privacy and Docs pages. However, I had to know what I was looking for to find these resources.

At Assenteo, we help enterprise-focused AI builders turn data protection into a product strength through providing data protection professional services. While this review focused on basic compliance and public transparency, our core service supports full compliance, strong UX practices, and competitive advantage through trust. If you're a serious builder, .

AI Safety
HIPAA page
compliance page
HIPAA compliance
let's chat
privacy notice
Docs
ElevenLabs